<?php
include_once('settings.php');

// Short aliases for the connection settings ($dbhost, $dbuser, $dbpass, $dbname),
// which are presumably defined by settings.php. Per the original note they
// exist for the sql2xml module only. Note that $pass is a second copy of the
// database password in global scope.
list($host, $user, $pass, $database) = array($dbhost, $dbuser, $dbpass, $dbname);

//structure of cp5360.keywords
//cp_ida - id of each transaction
//cp_las - last keyword
//cp_cur - current keyword
//cp_cnt - count of keywords

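/**
 * Reports whether a request value may be used as a keyword.
 *
 * Despite its name, this function does not convert anything. It only answers
 * whether the value is acceptable: a non-empty string made up entirely of
 * ASCII letters and digits.
 *
 * @param mixed $variable raw request value (an array when sent as k[]=...)
 * @return bool true when the value is purely alphanumeric, false otherwise
 */
function convert($variable) {
	// Request parameters can arrive as arrays; those are never valid keywords.
	if (!is_string($variable)) {
		return false;
	}

	// Test the value itself. Stripping the illegal characters first and then
	// testing what is left approves any input that contains at least one
	// letter or digit, while the caller goes on to use the unstripped value
	// in its SQL statements. The anchored pattern is ASCII-only and does not
	// depend on the locale; \z (not $) also rejects a trailing newline.
	return preg_match('/\A[A-Za-z0-9]+\z/', $variable) === 1;
} //validates a single GET value; it does not modify it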

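// Collect the GET values into $post, rejecting the whole request as soon as
// one value fails convert(). $error is 0 only when at least one parameter was
// sent and every parameter passed validation.
$error = 0;
$post = array();

if (!empty($_GET)) {
	foreach ($_GET as $var) {
		if (!convert($var)) {
			// One illegal value invalidates the request. The flag must not be
			// cleared by a later valid value, otherwise a request whose last
			// parameter is clean would pass with unchecked values before it.
			$error = 1;
			$post = array(); // leave no partially validated input behind
			break;
		}
		$post[] = $var; //assigns all GET variables to array post
	}
} else {
	$error = 1; // no parameters at all
}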


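// NOTE(review): the mysql_* extension used below has no prepared statements
// and was removed in PHP 7. Until the file is moved to PDO or mysqli with
// bound parameters, every value placed in a statement is escaped with
// mysql_real_escape_string(), whether or not it passed input validation.

// Runs one statement on $conn and ends the request if it fails. The driver's
// error text goes to the server log only: echoing mysql_error() to the client
// discloses table names and query fragments.
function cp5360_query($sql, $conn) {
	$result = mysql_query($sql, $conn);
	if ($result === false) {
		error_log('cp5360 keywords query failed: ' . mysql_error($conn));
		die('Database error');
	}
	return $result;
}

// Returns $value as a quoted, escaped SQL string literal for $conn.
function cp5360_quote($value, $conn) {
	return "'" . mysql_real_escape_string((string) $value, $conn) . "'";
}

// Stores a new (last keyword, current keyword) pair with a search count of 1.
function cp5360_insert_keyword($last, $current, $conn) {
	// NOTE(review): "highest id + 1" and the lookup-then-insert sequence are
	// not safe under concurrent requests (two requests can pick the same id or
	// insert the same pair twice). An AUTO_INCREMENT key plus a unique index
	// on (cp_las, cp_cur) would close this; confirm against the schema.
	$newest = mysql_fetch_array(cp5360_query("select cp_ida from keywords order by cp_ida desc limit 1", $conn));
	$newid = $newest ? $newest['cp_ida'] + 1 : 0; // an empty table starts at id 0

	cp5360_query(
		"INSERT INTO keywords (`cp_ida`, `cp_las`, `cp_cur`, `cp_cnt`) VALUES ("
		. cp5360_quote($newid, $conn) . ", "
		. cp5360_quote($last, $conn) . ", "
		. cp5360_quote($current, $conn) . ", '1')",
		$conn
	);
}

if ($error==0 && isset($post[0])) {
	//connect to the database first
	$conn = mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');
	if (!mysql_select_db($dbname, $conn)) {
		error_log('cp5360 could not select database: ' . mysql_error($conn));
		die('Database error');
	}

	$last = $post[0];
	// With a single parameter there is no current keyword; it is stored as ''.
	$current = isset($post[1]) ? $post[1] : '';
	$lastSql = cp5360_quote($last, $conn);

	// One parameter looks the keyword up on its own; otherwise the
	// (last, current) pair has to match.
	$where = "cp_las = " . $lastSql;
	if (count($_GET) != 1) {
		$where .= " and cp_cur = " . cp5360_quote($current, $conn);
	}
	$match = mysql_fetch_array(cp5360_query("select * from keywords where " . $where, $conn));

	if ($match) {
		// Increment inside the statement so that concurrent requests cannot
		// overwrite each other's count.
		cp5360_query("UPDATE keywords SET cp_cnt = cp_cnt + 1 WHERE cp_ida = " . cp5360_quote($match['cp_ida'], $conn), $conn);

		// One pass over the rows for this keyword: total the counts and
		// collect the related keywords. Stored values are XML-escaped because
		// rows written before input validation was enforced may hold markup.
		$rows = cp5360_query("select * from keywords where cp_las = " . $lastSql, $conn);
		$requestedcount = 0;
		$related = "";
		while ($row = mysql_fetch_assoc($rows)) {
			$requestedcount += $row['cp_cnt'];
			if ((string) $row['cp_cur'] !== '') {
				$related .= "\t<Keyword>\n";
				$related .= "\t\t<Name>" . htmlspecialchars((string) $row['cp_cur'], ENT_QUOTES, 'UTF-8') . "</Name>\n";
				$related .= "\t\t<SearchCount>" . htmlspecialchars((string) $row['cp_cnt'], ENT_QUOTES, 'UTF-8') . "</SearchCount>\n";
				$related .= "\t</Keyword>\n";
			}
		}

		$name = strftime('cp5360_%m_%d_%Y_%H_%M_%S.xml');
		header('Content-Disposition: attachment;filename=' . $name);
		header("Content-type: text/xml");

		$xml_output = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>\n";
		$xml_output .= "<KeywordInformation>\n";
		$xml_output .= "\t<RequestedKeyword>\n";
		$xml_output .= "\t<Keyword>\n";
		$xml_output .= "\t\t<Name>" . htmlspecialchars($last, ENT_QUOTES, 'UTF-8') . "</Name>\n";
		$xml_output .= "\t\t<SearchCount>" . $requestedcount . "</SearchCount>\n";
		$xml_output .= "\t</Keyword>\n";
		$xml_output .= "\t</RequestedKeyword>\n";
		$xml_output .= "<RelatedKeywords>\n";
		$xml_output .= $related;
		$xml_output .= "</RelatedKeywords>\n";
		$xml_output .= "</KeywordInformation>";
		echo $xml_output;
	} else {
		//issue an insert statement for a new combination
		cp5360_insert_keyword($last, $current, $conn);
	}
} else {
	return false;
} //end of API here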

?>